Intel AMT Features > System Defense > Detailed Description > Processing Network Packets with System Defense

Processing Network Packets with System Defense

The following figure illustrates the processing flow of a packet processed by System Defense filters.

For each received/transmitted packet:

1.  Check with each filter in the active policy.

2.  If any filter matched:

   If one of the matched filters is a drop filter or a rate limit filter that has reached its threshold, drop the packet.

   Else, pass the packet.

3.  If the packet does not match any filter, check the default filter:

   If Drop: Drop the packet.

   Else: Allow the packet to pass to the OS driver or to the network.

When a packet matches the conditions in a filter the following actions can take place:

   If the filter is a drop filter, the packet is discarded. It is not sent to the host driver or to the network.

   If the filter is a rate limit filter and the number of packets exceeds the threshold, the packet is dropped.

   If an event is defined for this filter, an event is raised by the Intel AMT event manager. Management console applications can register with the Intel AMT device to receive PET alerts on these events and/or store the events in the Intel AMT event log. An event is raised only once per filter until the next call to AMT_SystemDefensePolicy.UpdateStatistics or in the event of a power down.

See Also:

   Create an Ethernet Filter

   Create an IP Filter

   Delete a Specific Filter

   Create a System Defense Policy

Copyright © 2006-2022, Intel Corporation. All rights reserved.